I can't drink enough beer to squash my frustration
today. :) Can anyone help me make ANY current or previous version of PFSense
work with my situation?
I think PFSense is filling a HUGE gap in the
firewall space and would love to use it, plan to never upgrade it once it's set
(provided it can just remain stable), and will gladly send cases of beer to the
fellow that helps :) Also, my hat off to the developers, you are on the right
track for filling the gap. You need to sell this bitch when it's stable and sign
me up!
I have been through all versions since 076.4 and
have different issues with each. 50% is probably my dumb ass.
I need to set up a multi-WAN firewall that also has
a DMZ network as well as LAN network. I would really like to do this with CF but
I only have 2 CF to IDE adapters with 128MB CF disks. 0.76.4 installed just fine
by disabling swap and using live cd with installer. Ran just fine too until I
tried entering basic firewall rules - then it broke barfing about:
reads [132]: pass quick on rl0 proto esp from
216.26.248.144 to keep state label IPSEC: esp proto
.:.
as well did 0.78 0.79 and 0.79 upgraded to 0.79.2.
Each time I enter pretty much any rule either by 80gb hard drive install or
compact flash I get fubared after entering rules. Rules as basic as allow any
icmp to wan. save. re-fresh, barf.
My best success was with the 80gb hdd install and
all was well until I entered an IP address and gateway to my second wan
interface. As soon as I do this (easily reproduced on 3 different machines)
my existing network starts dropping packets almost like a loop
issue. And the firewall basically locks up. No LAN web access nor ping nor
console. Although caps lock works :)
I know I must be doing something in the wrong order
here. From the beginning, I walk through the wizard, enter hostname,
etc...enter 1st wan static and gateway (216.26.248.200, gate=216.26.248.1) and
then enter second wan ip (216.26.250.200 gate=216.26.250.1) then ok, then by the
time I get into the rest of the interface, I start seeing packets getting
dropped on my network just pinging lan to lan.
YUK! Can somebody please take a peek at my network
map laid out here: http://www.dsslink.net/pfsense/pfsense.htm
and give me some advice.
I am currently using m0n0wall on separate servers
and pfsense features state it can do what I am trying which will eliminate the
need for 3.
With m0n0wall we have these issues we are trying to
resolve by switching to pfsense:
Clients inside cannot ftp correctly unless they're
only 1 nat behind us (they currently have m0n0wall and when we put their
machines in front of THEIR m0n0wall, their old ass ftp program works,
behind any other nat including their m0n0wall (making it a double nat), it's
fubar.
Clients inside cannot access services hosted on
same m0n0wall they travel through. We would like to use the same firewall to
serve clients as well as servers but our clients all have for example
"mail.ourdomain.com" in their mail clients and that is mapped to 216.26.248.xx
which ultimately resides on the outside wan of the firewall I'd like them to flow
through. Changing DNS is no go because we have outside nationwide dialups that
use the same host addresses....bad planning from the get go. I believe PFSense
supports this as Linux did. (I read FAQ....I'm not comparing PFSense to Linux :)
)
No failover. I'd be tickled if pfsense could just
spit its rules out to another one similar to it in realtime and I'll manually
jack the bitch in if the primary drops :) let alone the ability to make them
both live like heartbeat.
No good way to use squid.
No Multi-WAN support, further making this a complete
mess having 3 servers to keep 3 standby spares collecting dust.
I realize we're pre-beta here but this program is
about my only hope to running my gateway cost effectively and I would
love to get it in and have a big fancy success story for the PFSense web page
:)
Anyone wanna crack at it?
Thanks!
Tim
- [pfSense-discussion] Ugg, Ive blown up everything Ive tried... Tim Roberts
